> ## Documentation Index
> Fetch the complete documentation index at: https://docs.didit.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Update User

> Partial update of a user: `display_name`, `full_name`, `date_of_birth`, `status`, `metadata`, `approved_emails`/`approved_phones`/`issuing_states`. `metadata` fully replaces. **Note:** unlike [Update User Status](#patch-/v3/users/-vendor_data-/update-status/), changing `status` here does NOT record a status-change activity and does NOT sync the system blocklist — use the dedicated update-status endpoint for `BLOCKED`/unblock flows.

export const AgentPromptAccordion = ({prompt, title = "AI Agent Integration Prompt"}) => {
  const [copied, setCopied] = React.useState(false);
  const handleCopy = e => {
    e.stopPropagation();
    if (!prompt) return;
    navigator.clipboard.writeText(prompt.trim()).then(() => {
      setCopied(true);
      setTimeout(() => setCopied(false), 2000);
    });
  };
  const agents = ["Claude Code", "Codex", "Cursor", "Devin", "Windsurf", "GitHub Copilot"];
  return <div className="didit-agent-card">
      {}
      <div className="didit-agent-titlebar">
        <div className="didit-agent-dots" aria-hidden="true">
          <span className="didit-agent-dot didit-agent-dot-red"></span>
          <span className="didit-agent-dot didit-agent-dot-yellow"></span>
          <span className="didit-agent-dot didit-agent-dot-green"></span>
        </div>
        <span className="didit-agent-filename">{title}</span>
        <button type="button" className={`didit-agent-copy ${copied ? "didit-agent-copy-copied" : ""}`} onClick={handleCopy} title="Copy prompt to clipboard" aria-label={copied ? "Copied!" : "Copy prompt to clipboard"}>
          {copied ? <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <path d="M3 8.5l3.5 3.5L13 4" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round" />
              </svg>
              <span>Copied</span>
            </> : <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <rect x="5" y="5" width="9" height="9" rx="1.5" stroke="currentColor" strokeWidth="1.5" />
                <path d="M11 5V3.5A1.5 1.5 0 0 0 9.5 2h-6A1.5 1.5 0 0 0 2 3.5v6A1.5 1.5 0 0 0 3.5 11H5" stroke="currentColor" strokeWidth="1.5" />
              </svg>
              <span>Copy</span>
            </>}
        </button>
      </div>

      {}
      <pre className="didit-agent-body"><code>{prompt.trim()}</code></pre>

      {}
      <div className="didit-agent-footer">
        <span className="didit-agent-footer-label">Paste into</span>
        <div className="didit-agent-chips">
          {agents.map(name => <span key={name} className="didit-agent-chip">{name}</span>)}
        </div>
      </div>
    </div>;
};

<AgentPromptAccordion
  title="Update User Prompt"
  prompt={`Goal: Partial-update a Didit User entity by vendor_data.

Endpoint: PATCH https://verification.didit.me/v3/users/{vendor_data}/
Auth header: x-api-key: <DIDIT_API_KEY>
Content-Type: application/json

Path param:
- vendor_data (string, REQUIRED) — free-form string, NOT a UUID. URL-encode.

Request body (PARTIAL — only included fields are touched; auto-derived counters and session history are left alone):
- full_name (string, max 512, nullable)
- display_name (string, nullable)
- date_of_birth (string YYYY-MM-DD, nullable)
- status (enum) — "ACTIVE" | "FLAGGED" | "BLOCKED" (VendorUserStatusChoices). Setting "BLOCKED" auto-adds vendor_data to the system blocklist; flipping away removes it.
- metadata (object, nullable) — REPLACES existing metadata wholesale; merge client-side if you only want to add keys.
- approved_emails (object<string, boolean>)
- approved_phones (object<string, boolean>)
- issuing_states (object<ISO3, int>)

curl:
curl -X PATCH 'https://verification.didit.me/v3/users/user-abc-123/' \\
-H 'x-api-key: YOUR_API_KEY' \\
-H 'Content-Type: application/json' \\
-d '{"display_name": "Jane S.", "status": "FLAGGED"}'

Response 200: full updated UserDetailItem (same shape as GET). See /reference/data-models.

Side effects:
- Writes an entry to the user's comments activity log (actor derived from the API key).
- last_activity_at bumped to now().
- Concurrent updates: last-write-wins per field.
- Re-sending an unchanged body is safe (no extra audit row).

Failure modes:
- 400 — validation. Examples:
{ "status": ["Invalid status. Valid options are: ACTIVE, FLAGGED, BLOCKED"] }
{ "metadata": ["Metadata must be a JSON object."] }
date_of_birth must be YYYY-MM-DD.
- 401 — missing/invalid x-api-key. { "detail": "Authentication credentials were not provided." }
- 403 — lacks update:users. { "detail": "You do not have permission to perform this action." }
- 404 — vendor_data not found. { "detail": "Not found." }
- 429 — rate-limited.

Notes:
- vendor_data in the URL itself cannot be changed via this endpoint — create new + delete old to rekey.
- For status-only flips, prefer the dedicated PATCH /v3/users/{vendor_data}/update-status/.
- Overriding fields populated by a verified session is allowed but flagged in the audit log.

For end-to-end Didit integration, paste in the full prompt at /integration/integration-prompt.`}
/>

## Overview

Updates mutable fields on a [User entity](/entities/users/overview). Fields propagated from verified User Verification (KYC) sessions (`full_name`, `date_of_birth`, `portrait_image`, aggregate counters, `features`) are read-only.

## When to use it

* **Update your own metadata** — move a user between tiers, change tags, record an internal note.
* **Rename** — set a better `display_name` for internal-facing console views.
* **Override verified data** (with caution) — manual overrides are allowed but logged to the audit trail.

## Notes

* `vendor_data` in the URL cannot be changed via this endpoint. Create a new user and delete the old one if you need to rekey.
* Emits a `user.data.updated` webhook with a `changed_fields` array so consumers can sync efficiently.
* If you PATCH a field that is currently managed by a verified session, the override will be accepted but flagged in the [audit log](/console/audit-logs).

## Permissions

Role must grant `update:users`.

## Related

* [User operations](/entities/users/operations)
* [Data model](/entities/users/data-model)
* [Update status](/management-api/users/update-status)


## OpenAPI

````yaml PATCH /v3/users/{vendor_data}/
openapi: 3.0.0
info:
  version: 3.0.0
  title: Didit Verification API
  description: Identity verification API. Authenticate with x-api-key header.
servers:
  - url: https://verification.didit.me
security: []
tags: []
paths:
  /v3/users/{vendor_data}/:
    patch:
      tags:
        - Users
      summary: Update user
      description: >-
        Partial update of a user: `display_name`, `full_name`, `date_of_birth`,
        `status`, `metadata`,
        `approved_emails`/`approved_phones`/`issuing_states`. `metadata` fully
        replaces. **Note:** unlike [Update User
        Status](#patch-/v3/users/-vendor_data-/update-status/), changing
        `status` here does NOT record a status-change activity and does NOT sync
        the system blocklist — use the dedicated update-status endpoint for
        `BLOCKED`/unblock flows.
      operationId: update_user
      parameters:
        - name: vendor_data
          in: path
          required: true
          schema:
            type: string
          description: Your unique identifier for the user (free-form string, NOT a UUID).
          example: user-abc-123
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                full_name:
                  type: string
                  nullable: true
                  maxLength: 512
                  description: Full name of the user
                display_name:
                  type: string
                  nullable: true
                  description: Custom display name for this user
                date_of_birth:
                  type: string
                  format: date
                  nullable: true
                  description: Date of birth in YYYY-MM-DD format
                status:
                  type: string
                  enum:
                    - ACTIVE
                    - FLAGGED
                    - BLOCKED
                  description: >-
                    User lifecycle status. Changing it via this generic PATCH
                    does NOT sync the system blocklist or record a status-change
                    activity; prefer the update-status endpoint.
                metadata:
                  type: object
                  nullable: true
                  description: >-
                    Arbitrary JSON object you attach to the user. **Fully
                    replaces** the existing metadata on update — merge
                    client-side if you only want to add keys.
                approved_emails:
                  type: array
                  items:
                    type: string
                  description: >-
                    Verified email addresses for this user, e.g.
                    `["john@example.com"]`. Fully replaces the stored list.
                approved_phones:
                  type: array
                  items:
                    type: string
                  description: >-
                    Verified phone numbers for this user. Fully replaces the
                    stored list.
                issuing_states:
                  type: array
                  items:
                    type: string
                  description: >-
                    Issuing countries (ISO 3166-1 alpha-3), e.g. `["USA"]`.
                    Fully replaces the stored list.
            examples:
              Rename:
                summary: Set display name
                value:
                  display_name: Jane S.
              Override status:
                summary: Flag the user for review
                value:
                  status: FLAGGED
              Add metadata:
                summary: Replace metadata JSON
                value:
                  metadata:
                    tier: premium
                    risk_level: low
              Fix extracted DOB:
                summary: Correct extracted profile fields
                value:
                  full_name: Jane Elizabeth Smith
                  date_of_birth: '1985-11-22'
      responses:
        '200':
          description: >-
            User updated. The full updated user record (same shape as Get User)
            is returned.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserDetailItem'
              examples:
                Updated:
                  value:
                    didit_internal_id: f4e5e1f2-94a9-4f86-8c16-2b7d9b4db418
                    vendor_data: user-abc-123
                    display_name: Jane S.
                    full_name: Jane Elizabeth Smith
                    date_of_birth: '1985-11-22'
                    effective_name: Jane S.
                    status: FLAGGED
                    metadata:
                      tier: premium
                    portrait_image_url: https://<media-host>/...
                    session_count: 3
                    approved_count: 2
                    declined_count: 0
                    in_review_count: 1
                    issuing_states:
                      - USA
                    approved_emails:
                      - john@example.com
                    approved_phones:
                      - '+14155551234'
                    features:
                      ID_VERIFICATION: Approved
                      LIVENESS: Approved
                      FACE_MATCH: Approved
                      AML: Approved
                    features_list:
                      - feature: ID_VERIFICATION
                        status: Approved
                      - feature: LIVENESS
                        status: Approved
                      - feature: FACE_MATCH
                        status: Approved
                      - feature: AML
                        status: Approved
                    last_session_at: '2025-06-15T10:30:00Z'
                    last_activity_at: '2025-06-15T10:30:00Z'
                    first_session_at: '2025-06-01T08:00:00Z'
                    tags:
                      - uuid: 9a8b7c6d-5e4f-4a3b-8c2d-1e0f9a8b7c6d
                        tag:
                          uuid: e1f2a3b4-c5d6-4e7f-8a9b-0c1d2e3f4a5b
                          name: VIP
                          color: '#2567FF'
                          description: null
                          source: custom
                          created_at: '2025-05-01T09:00:00Z'
                          updated_at: '2025-05-01T09:00:00Z'
                        added_by_email: analyst@acme.com
                        added_by_name: Jane Analyst
                        created_at: '2025-06-02T11:00:00Z'
                    comments: []
                    created_at: '2025-06-01T08:00:00Z'
                    updated_at: '2025-06-15T10:30:00Z'
        '400':
          description: >-
            Invalid body — typically an unknown `status` or a `date_of_birth`
            not in `YYYY-MM-DD`.
          content:
            application/json:
              examples:
                Bad status:
                  value:
                    status:
                      - '"INVALID" is not a valid choice.'
                Bad date_of_birth:
                  value:
                    date_of_birth:
                      - >-
                        Date has wrong format. Use one of these formats instead:
                        YYYY-MM-DD.
        '401':
          description: >-
            No credentials supplied. Requests to `/v3/users/*` paths without an
            `x-api-key` header (or `Authorization: Bearer` token) are rejected
            by the authentication middleware before reaching the API.
          content:
            application/json:
              examples:
                Missing credentials:
                  value:
                    detail: >-
                      You must be authenticated with a valid access token to
                      access this endpoint.
        '403':
          description: >-
            Invalid or revoked API key, or the key cannot update users for this
            application. Note: on this endpoint an *invalid* key returns `403`
            (not `401`).
          content:
            application/json:
              examples:
                Forbidden:
                  value:
                    detail: You do not have permission to perform this action.
        '404':
          description: No user with the supplied `vendor_data` exists for this application.
          content:
            application/json:
              examples:
                Not found:
                  value:
                    detail: Not found.
        '429':
          description: >-
            Rate limit exceeded; back off and retry after the interval indicated
            in `Retry-After`.
          content:
            application/json:
              examples:
                Rate limited:
                  value:
                    detail: Request was throttled. Expected available in 30 seconds.
      security:
        - ApiKeyAuth: []
      x-codeSamples:
        - lang: curl
          label: curl
          source: >-
            curl -X PATCH 'https://verification.didit.me/v3/users/user-abc-123/'
            \
              -H 'x-api-key: YOUR_API_KEY' \
              -H 'Content-Type: application/json' \
              -d '{"display_name": "Jane S.", "status": "FLAGGED"}'
        - lang: python
          label: Python
          source: |-
            import requests

            resp = requests.patch(
                'https://verification.didit.me/v3/users/user-abc-123/',
                headers={'x-api-key': 'YOUR_API_KEY', 'Content-Type': 'application/json'},
                json={'display_name': 'Jane S.', 'status': 'FLAGGED'},
            )
            resp.raise_for_status()
            print(resp.json()['status'])
        - lang: javascript
          label: JavaScript
          source: >-
            const resp = await
            fetch('https://verification.didit.me/v3/users/user-abc-123/', {
              method: 'PATCH',
              headers: { 'x-api-key': process.env.DIDIT_API_KEY, 'Content-Type': 'application/json' },
              body: JSON.stringify({ display_name: 'Jane S.', status: 'FLAGGED' }),
            });

            const user = await resp.json();

            console.log(user.status);
components:
  schemas:
    UserDetailItem:
      type: object
      description: >-
        Full user detail. Extends UserListItem with metadata, comments, and
        updated_at.
      allOf:
        - $ref: '#/components/schemas/UserListItem'
        - type: object
          properties:
            metadata:
              type: object
              description: >-
                Custom metadata JSON you attached to this user. Defaults to
                `{}`.
            tags:
              type: array
              description: >-
                Tag assignments. NOTE: on detail responses each entry is a tag
                *link* object (`{uuid, tag: {...}, added_by_email,
                added_by_name, created_at}`), unlike the flat `{uuid, name,
                color}` shape used on list responses.
              items:
                type: object
                properties:
                  uuid:
                    type: string
                    format: uuid
                    description: UUID of the tag assignment (not the tag itself).
                  tag:
                    type: object
                    properties:
                      uuid:
                        type: string
                        format: uuid
                      name:
                        type: string
                      color:
                        type: string
                      description:
                        type: string
                        nullable: true
                      source:
                        type: string
                        enum:
                          - didit
                          - custom
                      created_at:
                        type: string
                        format: date-time
                      updated_at:
                        type: string
                        format: date-time
                  added_by_email:
                    type: string
                    nullable: true
                  added_by_name:
                    type: string
                    nullable: true
                  created_at:
                    type: string
                    format: date-time
            comments:
              type: array
              items:
                type: object
                properties:
                  uuid:
                    type: string
                    format: uuid
                  comment_type:
                    type: string
                    enum:
                      - COMMENT
                      - STATUS_CHANGED
                      - METADATA_UPDATED
                      - TAG_ADDED
                      - TAG_REMOVED
                      - PROFILE_UPDATED
                  comment:
                    type: string
                    nullable: true
                  actor_email:
                    type: string
                    nullable: true
                  actor_name:
                    type: string
                    nullable: true
                  previous_status:
                    type: string
                    nullable: true
                    enum:
                      - ACTIVE
                      - FLAGGED
                      - BLOCKED
                      - null
                  new_status:
                    type: string
                    nullable: true
                    enum:
                      - ACTIVE
                      - FLAGGED
                      - BLOCKED
                      - null
                  previous_value:
                    type: object
                    nullable: true
                    description: Previous field values for PROFILE_UPDATED entries.
                  new_value:
                    type: object
                    nullable: true
                    description: New field values for PROFILE_UPDATED entries.
                  changed_fields:
                    type: array
                    items:
                      type: string
                    description: Names of the fields changed by a PROFILE_UPDATED entry.
                  metadata:
                    type: object
                    nullable: true
                  mentioned_emails:
                    type: array
                    items:
                      type: string
                  created_at:
                    type: string
                    format: date-time
              description: >-
                Activity log and comments for this user (status changes, profile
                edits, manual notes).
            updated_at:
              type: string
              format: date-time
    UserListItem:
      type: object
      description: A verified user.
      properties:
        didit_internal_id:
          type: string
          format: uuid
          description: Didit's stable internal UUID for this user.
        vendor_data:
          type: string
          nullable: true
          description: >-
            Your unique identifier for this user (passed when creating
            sessions). This can be null when no vendor identifier was supplied.
        display_name:
          type: string
          nullable: true
          description: Custom display name set by you
        full_name:
          type: string
          nullable: true
          description: Full name extracted from verified documents
        date_of_birth:
          type: string
          format: date
          nullable: true
        effective_name:
          type: string
          nullable: true
          description: 'Best available name: display_name if set, otherwise full_name'
        status:
          type: string
          enum:
            - ACTIVE
            - FLAGGED
            - BLOCKED
          description: >-
            Lifecycle status of the user record (NOT a session status). `ACTIVE`
            is the default, `FLAGGED` marks the user for manual attention,
            `BLOCKED` prevents new sessions for this `vendor_data`.
        portrait_image_url:
          type: string
          nullable: true
          description: >-
            Presigned URL of the user's portrait photo (expires after a few
            hours)
        session_count:
          type: integer
          description: Total number of verification sessions for this user
        approved_count:
          type: integer
          description: Number of approved sessions
        declined_count:
          type: integer
          description: Number of declined sessions
        in_review_count:
          type: integer
          description: Number of sessions in review
        issuing_states:
          type: array
          items:
            type: string
          description: >-
            ISO 3166-1 alpha-3 codes of issuing countries seen on this user's
            approved ID documents, e.g. `["USA", "ESP"]`. Empty array when none.
        approved_emails:
          type: array
          items:
            type: string
          description: >-
            Verified email addresses collected from this user's approved
            sessions, e.g. `["john@example.com"]`.
        approved_phones:
          type: array
          items:
            type: string
          description: >-
            Verified phone numbers collected from this user's approved sessions,
            e.g. `["+14155551234"]`.
        features:
          type: object
          description: >-
            Aggregated per-feature status across all of this user's sessions.
            Possible keys: `ID_VERIFICATION`, `NFC`, `LIVENESS`, `FACE_MATCH`,
            `POA`, `QUESTIONNAIRE`, `EMAIL_VERIFICATION`, `PHONE`, `AML`,
            `IP_ANALYSIS`, `AGE_ESTIMATION`, `DATABASE_VALIDATION`. Possible
            values: `Approved`, `Declined`, `In Review`, `Not Finished`, `Resub
            Requested`.
        features_list:
          type: array
          items:
            type: object
            properties:
              feature:
                type: string
              status:
                type: string
          description: >-
            Same data as `features`, as an ordered array of `{feature, status}`
            objects.
        last_session_at:
          type: string
          format: date-time
          nullable: true
          description: Timestamp of the most recent session
        first_session_at:
          type: string
          format: date-time
          nullable: true
          description: Timestamp of the first session
        last_activity_at:
          type: string
          format: date-time
          nullable: true
          description: >-
            Timestamp of the most recent activity on this user (session,
            transaction, status change, data edit, etc.).
        tags:
          type: array
          items:
            type: object
            properties:
              uuid:
                type: string
                format: uuid
              name:
                type: string
              color:
                type: string
          description: Tags assigned to this user
        created_at:
          type: string
          format: date-time
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key

````